Steve:
First,thanks a lot, i need your help.
I have written a ssl proxy to improve security, and now i have
some problem:
1.I can only get site certification from IIS (apache build in modssl is ok)
using X509_STORE_CTX_get_chain() in my verify_call
which is a callback function used in SSL_CTX_set_verify, i think this is iis's
characteristic, really?
2. when he used my ssl proxy as his browser's ssl proxy,
I want to display a popup listbox to let user select personal certificate
when www site require personal certificate just like IE and Netscape,
so i must have already got site's certify chain, i can't get it by using
X509_STORE_CTX_get_chain()
in my verify_call, it only return site certificate ,when site www server is iis,
i can get root ca which signed this site
certificate, but no site's certify chain which can let me choose
my personal certificate.
Thanks a lot.
jasson
������վ�����߽�������ֵĶ������磬
�е�Ӱ������Ϸ������MTV��ǧ�������ˣ�
http://cartoon.163.com
�������ڽ���FLASH��Ϸ���������������ֵ����٣�
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
